Why 2.1 is delayed for so long

Peter Todd pete at petertodd.org
Tue Sep 23 22:35:40 CEST 2014

On Tue, Sep 23, 2014 at 08:33:48PM +0200, Werner Koch wrote:
> On Tue, 23 Sep 2014 17:36, rjh at sixdemonbag.org said:
> >> In the future, it should be easy to put your master key offline.
> >
> > An excellent observation.  (No, I'm not being sarcastic.)  So why not
> > work on that problem?  If you come up with an easy way for people to do
> > it, then I'm sure Werner will re-evaluate his decision to not support this.
> I will definitely do that as soon as a cheap device is available which
> can be used to hold and somehow backup the offline key.  Using an > 15
> year old laptop for this task like me, can't be suggested to average
> users.
> I doubt that it is currently possible to design, produce, and sell such
> a device.  It is just not sexy enough for a crowdfunding campaign ("just
> for storing some part of the key - why can't I use my smartphone for
> it"?).  Such a device needs to be dedicated and resistant to remote
> exploits (USB stack, side channels) and may not have any extra gadgets.
> It needs a little screen and a small keyboard, though.

I suspect re-using hardware developed for keeping Bitcoins secure would
be a good approach, e.g. the Trezor: http://www.bitcointrezor.com/

That also gives ample incentive for attackers to find those remote

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 650 bytes
Desc: Digital signature
URL: </pipermail/attachments/20140923/684dc526/attachment.sig>

More information about the Gnupg-devel mailing list